IN THE CLAIMS 
Please amend the claims as follows: 

Claims 1-21 (canceled) 

22. (New) A domain manager device for managing a network 
including a plurality of devices, comprising: 

authentication means for generating a predetermined number of 
authentication tickets, each respective authentication ticket 
allowing a device with a first identifier to authenticate itself to 
a device with a second identifier and for issuing to a new device 
joining the network a predetermined number of symmetric 
authentication keys, each respective authentication key allowing 
authenticated communication with one respective other device in the 
network, the authentication tickets with a first identifier 
matching an identifier for the new device; and 

key management means for generating a predetermined number of 
master device keys, the authentication means being arranged for 
issuing one of the generated master device keys to the new device, 
the key management means being arranged for associating each 
generated master device key with a mutually unique identifier, 
for assigning to the new device as a device identifier the unique 
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identifier associated with the master device key issued to the new 
device, and upon the new device ceasing to be part of the network, 
for generating a new master device key and associating the 
generated new master device key with the unique identifier assigned 
previously as the device identifier to the new device. 

23. (New) The device of claim 22, wherein each respective 
authentication ticket is at least partially encrypted with a master 
device key from the predetermined number that is associated with 
the second identifier. 

24. (New) The device of claim 22, wherein the authentication 
means is arranged for, upon the key management means detecting that 
the device identifier assigned to the new device was previously 
assigned to another device, issuing a set of replacement 
authentication tickets to the new device, each respective 
replacement authentication ticket allowing a device with a first 
identifier to authenticate itself to the new device and being at 
least partially encrypted with the master device key associated 
with the first identifier. 

25. (New) The device of claim 22, wherein the key management 
means is arranged for receiving a global revocation list 
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identifying a number of revoked devices, creating a local 
revocation list identifying those revoked devices that are 
comprised in the network, and generating a number of revocation 
authentication codes, each respective revocation authentication 
code enabling authentication of the local revocation list using a 
respective master device key from the generated predetermined 
number of master device keys. 

26. (New) The device of claim 25, wherein the key management 
means is arranged for generating each respective revocation 
authentication code by computing a respective keyed message 
authentication code of the local revocation list using each 
respective master device key. 

27. (New) The device of claim 22, wherein the predetermined 
number of authentication keys is chosen as one less than or as 
equal to or more than a maximum number of devices that may 
concurrently be comprised in the network. 

28. (New) The device of claim 22, wherein the number of master 
device keys in the set is chosen as equal to or more than a maximum 
number of devices that may concurrently be comprised in the 
network. 
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29. (New) The device of claim 22, wherein the authentication 
means is arranged for generating for a particular identifier 
associated with a particular generated master device key 

a number of authentication tickets, each generated authentication 
ticket allowing a device with said particular identifier to 
authenticate itself to a device with one other of the unique 
identifiers associated with one of the generated master device 
keys . 

30. (New) A first device arranged to communicate with a second 
device via a network comprising a plurality of devices, the first 
device comprising: 

networking means for requesting to a domain manager device to 
join the network and for receiving from the domain manager device a 
predetermined number of symmetric authentication keys, each 
respective authentication key allowing authenticated communication 
with one respective other device comprised in the network, a master 
device key and a set of authentication tickets, each respective 
ticket allowing the first device to authenticate itself to a 
respective device from the plurality of devices; 

authentication means for communicating with the second device 
using the symmetric authentication key allowing authenticated 
communication with the second device, the authentication means 
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being arranged to accept the received further authentication ticket 
as valid if the received further authentication ticket can be 
successfully decrypted using the master device key, and the 
authentication means being arranged for distributing to the second 
device the authentication ticket from the set allowing the first 
device to authenticate itself to the second device. 

31. (New) The first device of claim 30, wherein the networking 
means is arranged for receiving from the second device a further 
authentication ticket, and the authentication means is arranged to 
authenticate the second device upon accepting the received further 
authentication ticket as valid. 

32. (New) The first device of claim 30, wherein the 
authentication means is arranged for deriving a session key from 
information contained in the distributed ticket and in the received 
further authentication ticket. 

33. (New) The first device of claim 30, wherein the further 
authentication ticket is encrypted, and the authentication means is 
arranged to, upon failing to decrypt the further authentication 
ticket with the master device key, distribute to the second device 
a new authentication ticket allowing the second device to 
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authenticate itself to the first device, the new authentication 
ticket being at least partially encrypted with the master device 
key of the second device. 

34. (New) The first device of claim 30, wherein the 
authentication means is arranged for receiving from the second 
device a new ticket allowing the first device to authenticate 
itself to the second device, the new ticket being at least 
partially encrypted with the master device key of the first device, 
and for decrypting the new ticket with the master device key and 
for replacing the ticket from the set allowing the first device to 
authenticate itself to the second device by the new ticket upon 
successful decryption of the new ticket. 

35. (New) The first device of claim 30, wherein the networking 
means is arranged for receiving a local revocation list identifying 
revoked devices that are comprised in the network and a number of 
revocation authentication codes, each respective revocation 
authentication code enabling authentication of the local revocation 
list using a respective master device key, the authentication means 
being arranged for accepting the local revocation list as valid if 
one of the received revocation authentication codes can be 
successfully decrypted using the master device key. 
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